Risk Assessment
Risk ID
Risk Mitigation
Risk Transfer
SLE
100

Risk Assessment Definition.

What is evaluating all potential risks in a process?

100

What is a vulnerability scan?

What is a program that scans computers, networks, or applications for known weaknesses?

100

What is Risk Mitigation?

What is taking steps to avoid risks?

100

What is risk transfer in risk management?

Risk transfer is the process of shifting the financial or operational impact of a risk to another party.

100

What does SLE stand for?

Single Loss Expectancy.

200

What is Buffer Overflow?

What is when too much data is forced into a set-size buffer, causing data corruption?

200

Name a password cracking method.

What is brute force, dictionary, or rainbow tables?

200

Is multifactor authentication a way to mitigate risk? True or False?

What is True?

200

How does insurance function as a risk transfer mechanism?

The company pays a premium, and in return, the insurer agrees to cover specified losses.

200

What is the formula for SLE?

SLE = AV × EF

300

What is End-of-Life?

What is when a system no longer receives system updates or patches?

300

What is an example of non-intrusive testing?

What is monitoring the network, identifying potential risks, or looking at public data for more information, etc.?

300

What is a Firewall?

What is software that monitors and controls incoming and outgoing traffic based on predetermined security rules?

300

Give an example of risk transfer in cybersecurity.

A company buys cyber insurance to cover costs from data breaches.

300

If an asset is worth $10,000 and EF is 0.3, what is the SLE?

$3,000.

400

What is Integer Overflow?

What is using a value higher or lower than the max or min of an integer type?

400

What is Packet Sniffing?

What is the practice of gathering, collecting and logging all the packets that pass through a computer network?

400

Is holding monthly meetings to educate employees on the importance of having strong passwords and avoiding phishing emails and other scams an effective way to mitigate risk? Yes or No?


What is Yes?

400

How can poor risk transfer agreements create new risks?

Ambiguous contracts can lead to disputes and uncovered liabilities.

400

How would SLE change if EF increases?

SLE increases because more of the asset is lost.

500

What is System Sprawl?

What is when the fast expansion of systems outgrows the documentation and understanding of the system?

500

What is a common port that is attacked?

What are ports 23, 21, 22, 25, 80, 69, 110, 1433, 1434, 445?

500

What is Pivoting?

What is using a trusted yet compromised system to attack vulnerabilities in another system?

500

How can organizations balance risk transfer with internal risk controls?

By combining insurance/contracts with strong internal processes and safeguards.

500

How does SLE differ from ALE (Annual Loss Expectancy)?

SLE measures loss per incident, while ALE measures yearly expected loss.
